Dutch cybersecurity investigators have linked a major cryptocurrency theft to the notorious Ebury botnet, which is responsible for compromising roughly 400,000 servers over a 15-year period.
According to a report from Slovak cybersecurity firm ESET, the incident first surfaced during a 2021 investigation by the Dutch National High Tech Crime Unit (NHTCU). During that investigation, officers found the Ebury malware on a server linked to the crypto theft.
Following this discovery, the Dutch crime unit collaborated with ESET, whose effort was led by researcher Marc-Etienne Léveillé, who had been studying Ebury for more than a decade.
Ebury operators allegedly used an adversary-in-the-middle (AitM) attack to steal the crypto funds. In this attack, servers already under the botnet's control intercept network traffic destined for a target and capture login credentials and session information in transit.
"Cryptocurrency theft was not something that we'd ever seen them do before," Léveillé noted.
The intercepted traffic is redirected to servers controlled by the cybercriminals, who then use the captured credentials to access victims' wallets and steal their cryptocurrency. In its report, ESET revealed that more than 100,000 servers remained infected as of 2023.
Ebury specifically targets Bitcoin and Ethereum nodes, making off with wallets and other valuable credentials. The funds were stolen once unsuspecting victims logged in to a server whose traffic the botnet was intercepting.
Further, once a victim's system was compromised, Ebury would exfiltrate credentials from it and use them to move into related systems. The report identified a wide range of victims, including universities, enterprises, internet service providers, and cryptocurrency traders.
The attackers also use stolen identities to rent servers from which they launch their attacks. This makes it very difficult for law enforcement agencies to track down the identities of those behind the operation.
"They're really good at blurring the attribution," Léveillé added.
One Ebury operator, Maxim Senakh, was arrested at the Finland-Russia border in 2015 and extradited to the United States. The U.S. Department of Justice charged Senakh with computer fraud, to which he pleaded guilty in 2017. He was sentenced to nearly four years in prison.
While the masterminds behind Ebury remain at large, the NHTCU has said that several leads are being pursued.
Crypto thefts have become increasingly sophisticated over the years. Earlier this month, North Korean hackers used a new malware variant dubbed "Durian" in targeted attacks on at least two cryptocurrency firms.
Before that, a January report from cybersecurity firm Kaspersky revealed that a piece of malware was targeting cryptocurrency wallets on macOS.